Re: BlackIce IDS
From: svek (svek-NO-SPAM@gmx.net)
Date: 01/08/03
- Next message: Joseph V. Morris: "Re: NIS reverses IP address"
- Previous message: Joseph V. Morris: "Re: norton personal firewall 2003"
- In reply to: Duane Arnold: "BlackIce IDS"
- Next in thread: Duane Arnold: "Re: BlackIce IDS"
- Reply: Duane Arnold: "Re: BlackIce IDS"
- Reply: Alexander Delarge: "Re: BlackIce IDS"
- Reply: Greg Hennessy: "Re: BlackIce IDS"
- Reply: RT: "Re: BlackIce IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: svek <svek-NO-SPAM@gmx.net> Date: 8 Jan 2003 21:10:20 GMT
"Duane Arnold" <nitme@notme.com> wrote in
news:mP%S9.287877$qF3.27603@sccrnsc04:
> If I set BlackIce on a machine at home to Accept all my company's
> IP(s) on ports used by Netmeeting and connect Netmeeting to Netmeeting
> RDS to a machine at work that is infected with worm, I know that IDS
> is going to see that attack coming and is going to instruct the
> firewall to start blocking network traffic from that IP.
>
> Any of the rest of the firewalls doing that let me know.
Well, security is larger than protecting against those vulnerabilities that
are known. What if this worm would be something new, one of a kind?
All BlackIce can do is to compare signatures to patterns in the network
traffic, but what if there wasn't any pattern like this one before?
Then that trust could be easily exploited.
An IP address is by no mean a way to identify yourself by, just look at the
r* services history.
/svek
- Next message: Joseph V. Morris: "Re: NIS reverses IP address"
- Previous message: Joseph V. Morris: "Re: norton personal firewall 2003"
- In reply to: Duane Arnold: "BlackIce IDS"
- Next in thread: Duane Arnold: "Re: BlackIce IDS"
- Reply: Duane Arnold: "Re: BlackIce IDS"
- Reply: Alexander Delarge: "Re: BlackIce IDS"
- Reply: Greg Hennessy: "Re: BlackIce IDS"
- Reply: RT: "Re: BlackIce IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
